diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2016-04-18 00:48:51 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-18 01:42:49 +0300 |
| commit | 7cc239528ea7f4905e6d773771006ec661d628d6 (patch) | |
| tree | 8b718249cae653d938b00c36213c2d4943cf29ec /app/helpers/commits_helper.rb | |
| parent | 1c93b33587a5e0a0596b43772ee9e709e9962368 (diff) | |
Remove persistent XSS vulnerability in `commit_person_link` helper
Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.
Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
Diffstat (limited to 'app/helpers/commits_helper.rb')
| -rw-r--r-- | app/helpers/commits_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/helpers/commits_helper.rb b/app/helpers/commits_helper.rb index 35ba543cef1..5394347bd15 100644 --- a/app/helpers/commits_helper.rb +++ b/app/helpers/commits_helper.rb @@ -183,7 +183,7 @@ module CommitsHelper options = { class: "commit-#{options[:source]}-link has-tooltip", - data: { 'original-title'.to_sym => sanitize(source_email) } + title: source_email } if user.nil? |